Date: Mon, 25 Jul 2011 10:42:53 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: s <s@samu.pl> Cc: freebsd-hackers@freebsd.org Subject: Re: Finding symlink information in MAC Framework Message-ID: <alpine.BSF.2.00.1107250942340.51541@fledge.watson.org> In-Reply-To: <c0c76b43d88b48a8b354df409b5167e5@samu.pl> References: <c0c76b43d88b48a8b354df409b5167e5@samu.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 15 Jul 2011, s wrote:
> I am trying to get some information related to the symlink which is being
> accessed by the user in MAC Framework. Currently I managed to get the
> uid/gid of the owner of the symlink that is being read, but now I need to
> get the same information about the target, that the symlink points to.
>
> static int samplemac_vnode_check_link (struct ucred *cred, struct vnode *vp,
> struct label *vplabel)
> {
>
> int error;
> struct vattr vap;
>
> error = VOP_GETATTR(vp, &vap, cred);
> if (error)
> return (1);
>
> if(vap.va_uid != 0) {
> log(LOG_NOTICE, "stub_vnode_check_readlink: %i, gid: %i\n",
> vap.va_uid, vap.va_gid);
> return (0);
> }
>
> return (0);
> }
>
> And I have no idea how could I do that. Where should I look for that info?
> And what way would be the fastest?
Hi Jakub:
Could you say a bit more about what you're trying to accomplish? The reason
it's hard to express what you're trying to do (inspect the target of a symlink
during a read of the symlink) is that it's not really a coherent concept in
terms of kernel implementation. At the point where the access control check
on readlink is occuring, the string hasn't yet been read from the link, and
even if it had, you couldn't look up the target object as you're already
holding locks relating to lookup and read of the symlink itself. Even if you
could, there's also a risk of recursion: the symlink could point straight back
to where you are, etc. The readlink check is mid-lookup and triggering an
entirely fresh lookup from there might be quite awkward for a number of such
reasons.
In general, however, this is not an issue for the policies we've encountered
thus far: they almost all care only about authorising path segment lookups (in
which case readlink is just another segment in evaluation), or absolute paths
to objects reconstructed during the actual operation on the target object,
etc. Hence my wondering what you're trying to accomplish -- the first
question, really, is "is what you're trying to express actually safely
expressible in a fine-grained, multiprocessing kernel?"
Robert
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1107250942340.51541>